定制 marcocesarato/amwscan 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

marcocesarato/amwscan

Composer 安装命令:

composer require marcocesarato/amwscan

包简介

AMWSCAN (Antimalware Scanner) is a php antimalware/antivirus scanner console script written in php for scan your project. This can work on php projects and a lot of others platform.

README 文档

README

Version

PHP Antimalware Scanner

Version Requirements Code Style License GitHub

If this project helped you out, please support us with a star ⭐

Documentation

Description

PHP Antimalware Scanner is a free tool to scan PHP files and analyze your project to find any malicious code inside it.

It provides an interactive text terminal console interface to scan a file, or all files in a given directory (file paths can also be managed using --filter-paths or --ignore-paths), and find PHP code files that seem to contain malicious code. When a probable malware is detected, will be asked what action to take (like add to the whitelist, delete files, try clean infected code, etc).

The package can also scan the PHP files in a report mode (--report|-r), so without interacting and outputting anything to the terminal console. In that case, the results will be stored in a report file in HTML (default) or text format (--report-format <format>).

This scanner can work on your own php projects and on a lot of other platforms using the right combination of configurations (ex. using --lite|-l flag can help to find less false positivity).

⚠️ Remember that you will be solely responsible for any damage to your computer system or loss of data that results from such activities. You are solely responsible for adequate protection and backup of the data before executing the scanner.

How to contribute

Have an idea? Found a bug? Please raise to ISSUES or PULL REQUEST. Contributions are welcome and are greatly appreciated! Every little bit helps.

📘 Requirements

  • php 7.4+ (PHP 8.x recommended)
    • php-xml
    • php-zip
    • php-mbstring
    • php-json
    • php-common
    • php-curl
    • php-gd

📖 Install

Release

You can use one of these methods to install the scanner by downloading it from GitHub or directly from the console.

Download

Go to the GitHub page and press on the Releases tab or download the raw file from:

Download

Console

  1. Run this command from the console (the scanner will be downloaded to your current directory):

    wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner

  2. Run the scanner:

    php scanner ./dir-to-scan -l ...

  3. (Optional) Install as bin command (Unix Bash)

    Run this command:

    wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner -O /usr/bin/awscan.phar && \
    printf '#!/bin/bash\nphp /usr/bin/awscan.phar $@' > /usr/bin/awscan && \
    chmod u+x,g+x /usr/bin/awscan.phar && \
    chmod u+x,g+x /usr/bin/awscan && \
    export PATH=$PATH":/usr/bin"

    Now you can run the scanner simply with this command: awscan ./dir-to-scan -l...

Composer

The package is available on Packagist.

Global Installation (recommended)

For system-wide installation, use:

composer global require marcocesarato/amwscan

After installation, run the scanner using:

php $(composer global config home)/vendor/marcocesarato/amwscan/src/index.php <path-to-scan> [options]

Or create an alias for easier usage:

alias amwscan='php $(composer global config home)/vendor/marcocesarato/amwscan/src/index.php'

Then you can run: amwscan <path-to-scan> [options]

Project-Level Installation

For installing within a specific project:

composer require marcocesarato/amwscan

After installation, run the scanner using:

php vendor/marcocesarato/amwscan/src/index.php <path-to-scan> [options]

Source

Download

Click the GitHub page "Clone or download" or download from:

Download

Git
  1. Install git
  2. Copy the command and link from below in your terminal: git clone https://github.com/marcocesarato/PHP-Antimalware-Scanner
  3. Change directories to the new ~/PHP-Antimalware-Scanner directory: cd ~/PHP-Antimalware-Scanner/
  4. To ensure that your master branch is up-to-date, use the pull command: git pull https://github.com/marcocesarato/PHP-Antimalware-Scanner
  5. Enjoy

🐳 Docker

  1. Download the source
  2. Build command docker build --tag amwscan-docker .
  3. Run command docker run -it --rm amwscan-docker bash

🧪 Testing

The project includes a comprehensive test suite with unit and integration tests.

Running Tests

# Run all tests
composer test

# Run only unit tests
composer test:unit

# Run only integration tests
composer test:integration

# Generate coverage report
composer test:coverage

Writing Tests

Tests are organized into:

  • Unit Tests (tests/Unit/) - Fast, isolated tests for individual classes
  • Integration Tests (tests/Integration/) - CLI execution tests with various configurations
  • Test Fixtures (tests/Fixtures/) - Sample files for testing (clean, malware, obfuscated)

For detailed information on writing and debugging tests, see TESTING.md.

Continuous Integration

Tests run automatically on pull requests and pushes across multiple PHP versions (7.4, 8.0, 8.1, 8.2, 8.3).

🔎 Scanning mode

The first think you need to decide is the strength, you need to calibrate your scan to find less false positive as possible during scanning without miss for real malware. For this you can choose the aggression level.

The scanner permit to have some predefined modes:

Mode Alias 🚀 Description
None (default) 🔴 Search for all functions, exploits and malware signs without any restrictions
Only exploits -e 🟠 Search only for exploits definitions
Use flag: --only-exploits
Lite mode -l 🟡 Search for exploits with some restrictions and malware signs (on Wordpress and others platform could detect less false positivity)
Use flag: --lite
Only functions -f 🟡 Search only for functions (on some obfuscated code functions couldn't be detected)
Use flag: --only-functions
Only signatures -s 🟢 Search only for malware signatures (could be a good solution for Wordpress and others platform to detect less false positivity)
Use flag: --only-signatures

💻 Usage

Command line

php amwscan ./mywebsite/http/ -l -s --only-exploits
php amwscan -s --max-filesize="5MB"
php amwscan -s -logs="/user/marco/scanner.log"
php amwscan --lite --only-exploits
php amwscan --exploits="double_var2" --functions="eval, str_replace"
php amwscan --ignore-paths="/my/path/*.log,/my/path/*/cache/*"

Doesn't work?

In case above command doesn't work, you can use script responsible for malware scan manually by executing: php dist/scanner <path>

To check all options check the Documentation

Suggestions

If you are running the scanner on a Wordpress project or other popular platform use --only-signatures or --lite flag to have check with less false positive but this could miss some dangerous exploits like nano.

Programmatically

On programmatically silent mode and auto skip are automatically enabled.

use AMWScan\Scanner;

$app = new Scanner();
$report = $app->setPathScan("my/path/to/scan")
              ->enableBackups()
              ->setPathBackups("/my/path/backups")
              ->enableLiteMode()
              ->setAutoClean()
              ->run();
Report Object
object(stdClass) (7) {
  ["scanned"]    => int(0)
  ["detected"]   => int(0)
  ["removed"]    => array(0) {}
  ["ignored"]    => array(0) {}
  ["edited"]     => array(0) {}
  ["quarantine"] => array(0) {}
  ["whitelist"]  => array(0) {}
}

🎨 Screenshots

Report

HTML report format (default)

Screen Report

Interactive CLI

Screen Full

marcocesarato/amwscan 适用场景与选型建议

marcocesarato/amwscan 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 19.37k 次下载、GitHub Stars 达 770, 最近一次更新时间为 2019 年 02 月 11 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「code」 「shell」 「tool」 「base64」 「decode」 「scanner」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 marcocesarato/amwscan 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 marcocesarato/amwscan 我们能提供哪些服务?
定制开发 / 二次开发

基于 marcocesarato/amwscan 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 19.37k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 770
  • 点击次数: 9
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 770
  • Watchers: 30
  • Forks: 119
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-3.0-or-later
  • 更新时间: 2019-02-11